validate csv headers before full read

2025-04-26 02:54:43 +00:00 · 2025-01-07 18:43:27 +01:00 · 2025-01-07 18:43:27 +01:00 · 28193df3d0
commit 28193df3d0
parent bb55ffcb8a
2 changed files with 27 additions and 24 deletions
--- a/internal/subscriptions/domainperms.go
+++ b/internal/subscriptions/domainperms.go
@ -523,26 +523,15 @@ func permsFromCSV(
 	permType gtsmodel.DomainPermissionType,
 	body io.ReadCloser,
 ) ([]gtsmodel.DomainPermission, error) {
-	// Read body into memory as slice of CSV records.
-	records, err := csv.NewReader(body).ReadAll()
+	csvReader := csv.NewReader(body)

-	// Whatever happened, we're
-	// done with the body now.
-	body.Close()
-
-	// Check if error reading body.
+	// Read and validate column headers.
+	columnHeaders, err := csvReader.Read()
 	if err != nil {
-		return nil, gtserror.NewfAt(3, "error decoding into csv: %w", err)
+		body.Close()
+		return nil, gtserror.NewfAt(3, "error decoding csv column headers: %w", err)
 	}

-	// Make sure we actually
-	// have some records.
-	if len(records) == 0 {
-		return nil, nil
-	}
-
-	// Validate column headers.
-	columnHeaders := records[0]
 	if !slices.Equal(
 		columnHeaders,
 		[]string{
@ -554,15 +543,29 @@ func permsFromCSV(
 			"#obfuscate",
 		},
 	) {
-		return nil, gtserror.Newf(
-			"unexpected column headers in csv: %+v",
-			columnHeaders,
-		)
+		body.Close()
+		err := gtserror.NewfAt(3, "unexpected column headers in csv: %+v", columnHeaders)
+		return nil, err
 	}

-	// Trim off column headers
-	// now they're validated.
-	records = records[1:]
+	// Read remaining CSV records.
+	records, err := csvReader.ReadAll()
+
+	// Totally done
+	// with body now.
+	body.Close()
+
+	// Check for decode error.
+	if err != nil {
+		err := gtserror.NewfAt(3, "error decoding body into csv: %w", err)
+		return nil, err
+	}
+
+	// Make sure we actually
+	// have some records.
+	if len(records) == 0 {
+		return nil, nil
+	}

 	// Convert records to permissions slice.
 	perms := make([]gtsmodel.DomainPermission, 0, len(records))
--- a/internal/subscriptions/subscriptions_test.go
+++ b/internal/subscriptions/subscriptions_test.go
@ -472,7 +472,7 @@ func (suite *SubscriptionsTestSuite) TestDomainBlocksWrongContentTypeCSV() {
 	suite.Zero(count)
 	suite.WithinDuration(time.Now(), permSub.FetchedAt, 1*time.Minute)
 	suite.Zero(permSub.SuccessfullyFetchedAt)
-	suite.Equal(`permsFromCSV: unexpected column headers in csv: [bumfaces.net]`, permSub.Error)
+	suite.Equal(`ProcessDomainPermissionSubscription: unexpected column headers in csv: [bumfaces.net]`, permSub.Error)
 }

 func (suite *SubscriptionsTestSuite) TestDomainBlocksWrongContentTypePlain() {